Cross-Site Scripting Vulnerability in Vesta Control Panel by VestaCP
CVE-2019-9841

6.1MEDIUM

Key Information:

Vendor

Vestacp

Status
Control Panel
Vendor
CVE Published:
19 April 2019

What is CVE-2019-9841?

Vesta Control Panel version 0.9.8-23 is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute malicious scripts through crafted URLs, potentially compromising user data and session information. This flaw can be exploited via the file manager API, highlighting the need for immediate security measures and updates to protect users from potential threats posed by this vulnerability.

References

https://forum.vestacp.com/viewtopic.php?f=25&t=18599&sid=...
x_refsource_CONFIRM
https://github.com/serghey-rodin/vesta/commit/c28c5d29a3c...
x_refsource_CONFIRM
https://cardaci.xyz/advisories/2019/04/15/vesta-control-p...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.